This study addresses “timing-induced interaction failures” in LTE and 5G core networks, a class of faults caused by improper sequencing of control-plane interactions. The work presents the first systematic definition and classification of such failures and introduces Kairos, a lightweight black-box testing framework that requires no prior knowledge of protocol specifications. By modeling control-plane interaction patterns, injecting timing perturbations, and leveraging automated testing, Kairos effectively uncovers timing-related defects in both open-source and commercial core network implementations. Evaluation on two open-source and two commercial systems revealed 20 previously unknown vulnerabilities and successfully reproduced 34 known issues, demonstrating the prevalence of timing-induced failures and filling a critical gap in existing research on temporal fault detection in cellular core networks.

As cellular core networks evolve toward distributed and cloud-native architectures, control-plane interactions become more intricate and bring new challenges. Among these challenges, we find that introducing specific timing between two control-plane interactions can cause network function crash, which we define as timing-induced interaction failures. Prior research primarily addresses identifying malformed inputs and specification violations, while timing-induced interaction failures remain largely unexplored. In this paper, we conduct a systematic study of timing-induced interaction failures in LTE and 5G core networks. First, we establish a taxonomy of control-plane interaction patterns and analyze the failure modes of each pattern. Then, we design and implement Kairos, a lightweight testing framework to expose timing-induced interaction failures without analyzing cellular standard documents. Evaluating Kairos on two open source and two commercial LTE and 5G core networks, we uncover 20 new vulnerabilities and reproduce 34 existing issues. Our results show that timing-induced interaction failures are prevalent in LTE and 5G core networks and should be explicitly considered in future specifications.